The VailNet EMAIL (SPAM) FILTERING PROCESS
VailNet is using
a new email filtering solution to more accurately block spam messages;
to limit the increasing number of incorrectly identified spam messages
(known as "false positives"); and to allow users more
control over the mail they receive. This page provides an overview
of how our filters handle incoming messages, including the important
"scoring" process, and provides guidelines for
your involvement in customizing the filtering process.
VailNet
This service
allows you to block, quarantine, and remove Spam (unsolicited emails)
that might normally be delivered to your mailbox. What
makes "Spam Quarantine" special is your ability to personalize
the filtering process. You can choose which messages and senders
are good (not spam) and bad (spam). Through individual control,
"Spam Quarantine" learns and improves its accuracy over
time, helping to reduce the receipt of unwanted Spam in your mailbox.
"Spam Quarantine" will greatly reduce the amount of spam delivered
to your mailbox, thus speeding up the process of checking mail because
much Spam will never make it to your mailbox. Potential (or real)
Spam will instead be delivered to your quarantine mailbox. This
premium service will send you a daily or weekly email summary (one
letter), listing all the messages that have been quarantined. This
single email provides you with a web link to view, deliver, whitelist,
blacklist, or delete the quarantined emails. You can also use the
web-based interface to your quarantine mailbox anytime (allowing
you to view, deliver, whitelist or blacklist emails in your quarantine
mailbox whenever you like).
What is "spam"? Spam is defined as "unsolicited commercial
email" or email that is in violation of VailNet’s
Acceptable Use Policies. Technically, the term "spam"
refers to email which is blindly directed to groups of individuals
with commercial or malicious intent. However, in general practice
"spam" tends to be email that you do not care to receive.
How does VailNet determine which email to filter? The growing problem of spam compromises the primary
use of VailNet email for business and personal communication. In
order to combat this, VailNet implemented filtering as a means to
restore the value of email communication. To help us determine which
messages to filter, the “MailFilter” system continually
updates our filters with blocks for the latest spamming techniques,
and provides the latest spam definitions. Additionally, the
choices individual users make about what are good and bad messages
help the “MailFilter” system to learn and improve its
accuracy.
As with many corrective solutions, email filtering is less than
perfect. Some legitimate messages will still be treated as spam;
and spam will still pass through the filters undetected. We recognize
that the need to monitor and modify filters will persist. However, we
expect the “MailFilter” email filtering solution to
remove the majority of spam and, combined with user preferences,
to be an excellent solution for VailNet.
How does spam filtering work? The spam filtering process involves implementation
of a complex set of rules that give each incoming message a rating
or "score". Before e-mail messages are passed from the
Internet gateway to the e-mail servers, they pass through a server
that calculates a spam score based on both sender information and
message content. Once the message is scored, the filter determines
how to handle the message: reject the e-mail outright, modify the
subject line to indicate the likelihood of spam, or send the
message on without any action. There are several "layers"
in the spam filtering process. One layer looks for messages that
originate from invalid computer domains that would indicate the
senders are not legitimate or the address has been forged -- e-mail
messages that fit this category are rejected at the server level.
A second layer compares the sender's address against a list of known
spammers on a "Registered Black List" or RBL -- e-mail
messages from known spammers are thereby rejected. A third layer
examines the contents of the message for a series of indicators
that, combined together, create a "spam score" for each
message.
VailNet’s mail filtering uses
Bayesian Analysis and a spam-scoring rule set based upon criteria
established by a number of industry leaders. One such rule set is
maintained by “SpamCop”.
(Click on any of the links to go to the Bayesian or SpamCop site
for more detailed information about the specific technologies and
rules they employ.) Once a message is scored, either VailNet-determined
or individual user-determined thresholds dictate how the message
is handled (see the "What You Can Do" section below).
How is "scoring" done? Scoring is the very simple process (in concept)
of examining an incoming message, and adding points as certain criteria
or violations are met. Below are examples of the characteristics
that increase the spam score of a message. (In practice, there are
more than 1,500 of these items evaluated for each message):
*Email address mismatches (when the "From:" address does
not match the domain address of the server that sent the message).
*Random characters, all UPPER CASE, or other key words in the subject
line or message body.
*If the body of the message has one or more forwards, one or more
"opt-out" links or several "click here" links.
*If the body of the message contains a single graphical image, or
uses active html scripts or re-directs.
To determine the "score" of any message, simply view the
“message source” information. Scroll through the message
looking for the line that reads: "X-Spam-Score: (X.XX)."
This score is based on a scale of 0 - 9 and is used to determine
the way the message is handled by the filter. (How to read email header
information)
As noted above, VailNet has taken a very conservative approach
to filtering messages in order to reduce the chance of messages
being improperly rejected or tagged. E-mails that score 10 or above
are blocked outright, but a score of 10 means blocking is disabled.
Messages scored between 10 and 3.5 are tagged as possible spam (inserting
the text *****SPAM***** in the subject line) and forwarded to the
recipient. Messages below 3.5 are delivered untouched. You can change
these settings, however, by logging into the VailNet “MailFilter”
service and changing your user settings (see below).
What You Can Do
The final aspect of the spam filtering process involves the ongoing
fine-tuning of customizable "whitelist" and "blacklist"
rule sets as well as training the Bayesian filters. Whitelist and
blacklist entries override the generic rule sets provided by “SpamCop”,
“ORDB”, “SpamHaus” and the like. Whitelists
are used to permit e-mail transmission from specific senders or
domains regardless of a message's spam score; blacklists block all
e-mails from a sender or domain regardless of score.
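
The handling described above, as an added Python example (not VailNet or “MailFilter” code): it reads the "X-Spam-Score" line from a message source, applies the default thresholds, and lets whitelist and blacklist entries override the score. The function names, the sample messages, the whitelist-before-blacklist order, and placing the tag at the front of the subject are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

BLOCK_AT = 10.0          # page default: 10 or above is blocked
TAG_AT = 3.5             # page default: 3.5 up to the block threshold is tagged
TAG = "*****SPAM*****"   # text the filter inserts in the subject line

def spam_score(msg):
    """Return the X-Spam-Score value as a float, or None if absent or malformed."""
    raw = msg.get("X-Spam-Score", "")
    m = re.fullmatch(r"\s*\(?\s*(-?\d+(?:\.\d+)?)\s*\)?\s*", raw)
    return float(m.group(1)) if m else None

def listed(sender, entries):
    """True if the sender's address or its domain appears in a list."""
    sender = sender.lower()
    domain = sender.rpartition("@")[2]
    return any(e.lower() in (sender, domain) for e in entries)

def handle(source, whitelist=(), blacklist=(), block_at=BLOCK_AT, tag_at=TAG_AT):
    """Return (action, subject) for one raw message source."""
    msg = message_from_string(source)
    subject = msg.get("Subject", "")
    sender = parseaddr(msg.get("From", ""))[1]
    # List entries override the score. Checking the whitelist first is an
    # assumption: the page does not say which list wins.
    if listed(sender, whitelist):
        return "deliver", subject
    if listed(sender, blacklist):
        return "block", None
    score = spam_score(msg)
    if score is None:                      # assumption: unscored mail passes
        return "deliver", subject
    if score >= block_at:
        return "block", None
    if score >= tag_at:
        return "tag", f"{TAG} {subject}"   # prefix position is an assumption
    return "deliver", subject

# Constructed sample message sources (not real mail).
SUSPECT = "From: Shop <deals@bulk.example>\nSubject: BUY NOW\nX-Spam-Score: (6.20)\n\nclick here\n"
CLEAN = "From: Ann <ann@friend.example>\nSubject: Lunch?\nX-Spam-Score: (1.10)\n\nNoon?\n"

if __name__ == "__main__":
    for name, src in (("suspect", SUSPECT), ("clean", CLEAN)):
        print(name, handle(src))
    print("lower block threshold:", handle(SUSPECT, block_at=5.0))
    print("whitelisted domain:", handle(SUSPECT, whitelist=["bulk.example"]))
```

Because a whitelist match skips the score entirely, a message carrying a forged whitelisted "From:" address is delivered untouched, so whitelist entries are best kept to specific senders you actually expect mail from.
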
You, the end user, now have access to modify your own “MailFilter”
Preferences. Click here for more info.
Below are some examples of what you can do in certain scenarios:
If you receive messages that are properly tagged as spam you can
simply delete them, create a rule to filter the messages to a different
folder, blacklist the e-mail address in your “MailFilter”
Preferences, reduce the threshold at which messages are blocked
instead of tagged in your “MailFilter” Preferences,
or you can download the Spam Client for Outlook and classify the
message as being Spam to help train the Bayesian Filter.
We Do Virus Filtering, Too!
This same process for filtering spam (blocking known, tagging and
forwarding suspected) is also now in place for dealing with potential
virus-carrying messages. Messages that positively hold viruses are
blocked outright with no notification sent to either the sender
of the virus or the recipient. E-mail messages with attachments
that are suspected but not confirmed as being a virus are tagged
(Subject: “This mail is generated by VAMS - virus infection
notice”) and forwarded on. The filter has removed the file
because it is potentially harmful. The filter replaces the e-mail
with a warning message that includes the name of the file and who
sent it. In many cases you can just delete messages that have been
cleaned and tagged. If it is a legitimate file you are trying to
receive, you will need to contact the sender and have them replace
the period in the filename with the word DOT so that it can pass
safely through our filter; you can rename the file back to its original
form after receiving it.
Always
be cautious about e-mail attachments and always make sure you have
a properly installed and up-to-date virus
scanning program on your computer. This is a case when
the old adage “An ounce of prevention is worth a pound of
cure” applies.